- name: Make sure the ticketkey is deployed
  copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey
        owner=root group=root mode=0600
  notify:
  - reload proxyhttpd

- name: Copy in the main httpd.conf file for proxy nodes
  template: >
    src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    owner=root group=root mode=0644
  notify:
  - reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Make sure certain files are gone
  file: dest=/etc/httpd/conf.d/{{item}} state=absent
  with_items:
  - welcome.conf
  tags:
  - httpd
  - httpd/proxy

- name: Copy over some basic configs into /etc/httpd/conf.d/
  template: >
    src={{item}} dest=/etc/httpd/conf.d/{{item}}
    owner=root group=root mode=0644
  with_items:
  - forwarded.conf
  - 02-ticketkey.conf
  - 03-reqtimeout.conf
  notify:
  - reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Remove the keepalives configuration
  file: path=/etc/httpd/conf.d/01-keepalives.conf state=absent
  notify:
  - reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: set the apache mpm to use event MPM
  copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
  notify:
  - reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: install libsemanage
  package:
    state: present
    name:
    - libsemanage-python
  tags:
  - httpd
  - httpd/proxy
  - selinux
  when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')

- name: install libsemanage in a python3 manner
  package:
    state: present
    name:
    - python3-libsemanage
  tags:
  - httpd
  - httpd/proxy
  - selinux
  when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)

- name: Turn on certain selinux booleans we need for our proxy layer
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  # We need this for httpd to be able to reverseproxy to other machines.
  - httpd_can_network_connect
  tags:
  - httpd
  - httpd/proxy
  - selinux

- name: Create pki/httpd
  file: path=/etc/pki/httpd state=directory
        owner=root group=root mode=0600
  tags:
  - httpd
  - httpd/proxy

- name: disable systemd-oomd we do not need or want it
  service: name=systemd-oomd state=stopped enabled=no
  tags:
  - httpd
  - httpd/proxy
  - disablesystemdoomd
